
27 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-36411

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.8 · EPSS 0.01134
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2021-33118

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.5 · EPSS 0.54566
Exploits: 1 · References: 2

OSV
added 2024/05/03 2:15 a.m. · 1 views

CVE-2023-32143

D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...

CVSS 8.8 · AI score 6.2 · EPSS 0.01134
Exploits: 0 · References: 2

Cvelist
added 2024/05/03 1:56 a.m. · 34 views

CVE-2023-32143 D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability

D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...

CVSS 8.8 · AI score 9.3 · EPSS 0.01134
Exploits: 0 · References: 2

CVE
added 2024/05/03 1:56 a.m. · 77 views

CVE-2023-32143

CVE-2023-32143 describes a remote code execution in D-Link DAP-1360 (and DAP-2020) routers. The flaw is in handling requests to the /cgi-bin/webupg endpoint, where improper validation can cause an integer overflow during buffer allocation, allowing network-adjacent attackers to execute code with ...

CVSS 8.8 · AI score 9.1 · EPSS 0.01134
Exploits: 0 · References: 2 · Affected Software: 1

Zero Day Initiative
added 2023/05/04 12:0 a.m. · 31 views

D-Link DAP-1360 webupg UPGCGI_CheckAuth Numeric Truncation Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webupg endpoint. The issue...

CVSS 8.8 · AI score 7.5 · EPSS 0.01134
Exploits: 0 · References: 1

BDU FSTEC
added 2023/02/06 12:0 a.m. · 5 views

The vulnerability of the UPGCGI_CheckAuth() function in D-Link’s wireless access points DAP-2020 and DAP-1360 allows a hacker to execute arbitrary code.

The vulnerability of the UPGCGI_CheckAuth function in D-Link’s wireless access points DAP-2020 and DAP-1360 is related to numerical truncation errors during the processing of the binary file webupg. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 8.8 · AI score 5.9
Exploits: 0 · References: 2 · Affected Software: 2

Positive Technologies
added 2022/09/06 12:0 a.m. · 4 views

PT-2022-6602 · D Link · D-Link Dap-2020 +1

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 (affected versions not specified); D-Link DAP-2020 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link routers. Authentication is...

CVSS 8.8 · AI score 9.3 · EPSS 0.01134
Exploits: 0 · References: 6

BDU FSTEC
added 2022/05/11 12:0 a.m. · 6 views

The vulnerability of the cgi-bin/webupg component in D-Link DIR-825AC G1 router firmware allows a hacker to execute arbitrary commands.

The vulnerability of the cgi-bin/webupg component in D-Link DIR-825AC G1 router firmware is related to incorrect processing of the cmd parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands using a specially created POST request...

CVSS 6.3 · AI score 8.1 · EPSS 0.31789
Exploits: 1 · References: 5

BDU FSTEC
added 2022/05/11 12:0 a.m. · 4 views

The vulnerability of the cgi-bin/webupg component in D-Link DIR-825AC G1 router firmware allows attackers to circumvent security restrictions.

The vulnerability of the cgi-bin/webupg component of D-Link DIR-825AC G1 router firmware is related to authentication deficiencies when processing the autoupgrade.asp parameter. Exploiting this vulnerability allows a hacker to bypass security restrictions using a specially create...

CVSS 6.3 · AI score 7.8 · EPSS 0.54566
Exploits: 1 · References: 4

CNVD
added 2022/04/29 12:0 a.m. · 15 views

D-Link DIR-825 G1 Command Injection Vulnerability

The DIR-825 G1 is a router from D-Link in Taiwan, China. A command injection vulnerability exists in the D-Link DIR-825 G1 firmware version, which stems from a lack of parameter validation in the "webupg" binary file. The vulnerability can be exploited to execute arbitrary system commands with th...

CVSS 9 · AI score 8.3 · EPSS 0.31789
Exploits: 1 · References: 1

ATTACKERKB
added 2022/04/27 11:15 a.m. · 4 views

CVE-2021-46442

In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...

CVSS 9.8 · AI score 7.8 · EPSS 0.54566
Exploits: 1 · References: 3

ATTACKERKB
added 2022/04/27 11:15 a.m. · 5 views

CVE-2021-46441

In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization...

CVSS 9 · AI score 8.2 · EPSS 0.31789
Exploits: 1 · References: 3

NVD
added 2022/04/27 11:15 a.m. · 15 views

CVE-2021-46441

In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization...

CVSS 9 · EPSS 0.31789
Exploits: 1 · References: 2

NVD
added 2022/04/27 11:15 a.m. · 16 views

CVE-2021-46442

In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...

CVSS 9.8 · EPSS 0.54566
Exploits: 1 · References: 2

Prion
added 2022/04/27 11:15 a.m. · 13 views

Authorization

In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization...

CVSS 9 · AI score 9 · EPSS 0.31789
Exploits: 1 · References: 2

Prion
added 2022/04/27 11:15 a.m. · 14 views

Authorization

In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...

CVSS 7.5 · AI score 9.6 · EPSS 0.54566
Exploits: 1 · References: 2

Cvelist
added 2022/04/27 10:12 a.m. · 21 views

CVE-2021-46441

In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization...

AI score 9.6 · EPSS 0.31789
Exploits: 1 · References: 2

CVE
added 2022/04/27 10:12 a.m. · 91 views

CVE-2021-46441

CVE-2021-46441 affects D-Link DIR-825 G1 firmware with the webupg binary. The vulnerability arises from a lack of parameter verification, allowing an attacker who has obtained authorization to supply cmd parameters that execute arbitrary system commands. Connected advisories corroborate a command...

CVSS 9 · AI score 9.6 · EPSS 0.31789
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2022/04/27 10:10 a.m. · 21 views

CVE-2021-46442

In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...

AI score 10 · EPSS 0.54566
Exploits: 1 · References: 2